name: Promote

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Release version (e.g. v0.1.0)'
        required: true
      channel:
        description: 'Release channel'
        required: true
        default: 'stable'
      # Note: For pre-releases, we want to promote the pre-release version to
      # the (stable) channel, but not set it as the "current" version.
      # See: https://github.com/upbound/build/pull/243
      pre-release:
        type: boolean
        description: 'This is a pre-release'
        required: true
        default: false

env:
  # Common versions
  GO_VERSION: '1.22.0'

  # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
  # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
  # credentials have been provided before trying to run steps that need them.
  DOCKER_USR: ${{ secrets.DOCKER_USR }}
  AWS_USR: ${{ secrets.AWS_USR }}
  UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}

jobs:
  promote-artifacts:
    runs-on: ubuntu-22.04

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Login to DockerHub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        if: env.DOCKER_USR != ''
        with:
          username: ${{ secrets.DOCKER_USR }}
          password: ${{ secrets.DOCKER_PSW }}

      - name: Login to Upbound
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        if: env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
        with:
          registry: xpkg.upbound.io
          username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
          password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }}

      - name: Promote Artifacts in S3, DockerHub, and Upbound Registry
        if: env.AWS_USR != '' && env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
        run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/}
        env:
          VERSION: ${{ github.event.inputs.version }}
          CHANNEL: ${{ github.event.inputs.channel }}
          PRE_RELEASE: ${{ github.event.inputs.pre-release }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          AWS_DEFAULT_REGION: us-east-1
